Vault 1979: Query API for Irrevocable Leases #11607
+1,028
−12
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| ```release-note:improvement | ||
| core: add irrevocable lease list and count apis | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,6 +8,7 @@ import ( | |
| "math/rand" | ||
| "os" | ||
| "path" | ||
| "sort" | ||
| "strconv" | ||
| "strings" | ||
| "sync" | ||
|
|
@@ -73,6 +74,12 @@ const ( | |
| genericIrrevocableErrorMessage = "unknown" | ||
|
|
||
| outOfRetriesMessage = "out of retries" | ||
|
|
||
| // maximum number of irrevocable leases we return to the irrevocable lease | ||
| // list API **without** the `force` flag set | ||
| MaxIrrevocableLeasesToReturn = 10000 | ||
|
|
||
| MaxIrrevocableLeasesWarning = "Command halted because many irrevocable leases were found. To emit the entire list, re-run the command with force set true." | ||
| ) | ||
|
|
||
| type pendingInfo struct { | ||
|
|
@@ -261,18 +268,7 @@ func (r *revocationJob) OnFailure(err error) { | |
| func expireLeaseStrategyFairsharing(ctx context.Context, m *ExpirationManager, leaseID string, ns *namespace.Namespace) { | ||
| nsCtx := namespace.ContextWithNamespace(ctx, ns) | ||
|
|
||
| mountAccessor := m.getLeaseMountAccessor(ctx, leaseID) | ||
|
|
||
| job, err := newRevocationJob(nsCtx, leaseID, ns, m) | ||
| if err != nil { | ||
|
|
@@ -2418,6 +2414,155 @@ func (m *ExpirationManager) markLeaseIrrevocable(ctx context.Context, le *leaseE | |
| m.nonexpiring.Delete(le.LeaseID) | ||
| } | ||
|
|
||
| func (m *ExpirationManager) getNamespaceFromLeaseID(ctx context.Context, leaseID string) (*namespace.Namespace, error) { | ||
| _, nsID := namespace.SplitIDFromString(leaseID) | ||
|
|
||
| // avoid re-declaring leaseNS and err with scope inside the if | ||
| leaseNS := namespace.RootNamespace | ||
| var err error | ||
| if nsID != "" { | ||
| leaseNS, err = NamespaceByID(ctx, nsID, m.core) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
|
|
||
| return leaseNS, nil | ||
| } | ||
|
|
||
| func (m *ExpirationManager) getLeaseMountAccessor(ctx context.Context, leaseID string) string { | ||
| m.coreStateLock.RLock() | ||
| mount := m.core.router.MatchingMountEntry(ctx, leaseID) | ||
| m.coreStateLock.RUnlock() | ||
|
|
||
| var mountAccessor string | ||
| if mount == nil { | ||
| mountAccessor = "mount-accessor-not-found" | ||
| } else { | ||
| mountAccessor = mount.Accessor | ||
| } | ||
|
|
||
| return mountAccessor | ||
| } | ||
|
|
||
| // TODO SW if keep counts as a map, should update the RFC | ||
| func (m *ExpirationManager) getIrrevocableLeaseCounts(ctx context.Context, includeChildNamespaces bool) (map[string]interface{}, error) { | ||
| requestNS, err := namespace.FromContext(ctx) | ||
| if err != nil { | ||
| m.logger.Error("could not get namespace from context", "error", err) | ||
| return nil, err | ||
| } | ||
|
|
||
| numMatchingLeasesPerMount := make(map[string]int) | ||
| numMatchingLeases := 0 | ||
| m.irrevocable.Range(func(k, v interface{}) bool { | ||
| leaseID := k.(string) | ||
| leaseNS, err := m.getNamespaceFromLeaseID(ctx, leaseID) | ||
| if err != nil { | ||
| // We should probably note that an error occured, but continue counting | ||
| m.logger.Warn("could not get lease namespace from ID", "error", err) | ||
| return true | ||
| } | ||
|
|
||
| leaseMatches := (leaseNS == requestNS) || (includeChildNamespaces && leaseNS.HasParent(requestNS)) | ||
| if !leaseMatches { | ||
| // the lease doesn't meet our criteria, so keep looking | ||
| return true | ||
| } | ||
|
|
||
| mountAccessor := m.getLeaseMountAccessor(ctx, leaseID) | ||
|
|
||
| if _, ok := numMatchingLeasesPerMount[mountAccessor]; !ok { | ||
| numMatchingLeasesPerMount[mountAccessor] = 0 | ||
| } | ||
|
|
||
| numMatchingLeases++ | ||
| numMatchingLeasesPerMount[mountAccessor]++ | ||
|
|
||
| return true | ||
| }) | ||
|
|
||
| resp := make(map[string]interface{}) | ||
| resp["lease_count"] = numMatchingLeases | ||
| resp["counts"] = numMatchingLeasesPerMount | ||
|
|
||
| return resp, nil | ||
| } | ||
|
|
||
| type leaseResponse struct { | ||
| LeaseID string `json:"lease_id"` | ||
| MountID string `json:"mount_id"` | ||
| ErrMsg string `json:"error"` | ||
| expireTime time.Time | ||
| } | ||
|
|
||
| // returns a warning string, if applicable | ||
| // limit specifies how many results to return, and must be >0 | ||
| // includeAll specifies if all results should be returned, regardless of limit | ||
| func (m *ExpirationManager) listIrrevocableLeases(ctx context.Context, includeChildNamespaces, returnAll bool, limit int) (map[string]interface{}, string, error) { | ||
| requestNS, err := namespace.FromContext(ctx) | ||
| if err != nil { | ||
| m.logger.Error("could not get namespace from context", "error", err) | ||
| return nil, "", err | ||
| } | ||
|
|
||
| // map of mount point : lease info | ||
| matchingLeases := make([]*leaseResponse, 0) | ||
| numMatchingLeases := 0 | ||
| var warning string | ||
| m.irrevocable.Range(func(k, v interface{}) bool { | ||
| leaseID := k.(string) | ||
| leaseInfo := v.(*leaseEntry) | ||
|
|
||
| leaseNS, err := m.getNamespaceFromLeaseID(ctx, leaseID) | ||
| if err != nil { | ||
| // We probably want to track that an error occured, but continue counting | ||
| m.logger.Warn("could not get lease namespace from ID", "error", err) | ||
| return true | ||
| } | ||
|
|
||
| leaseMatches := (leaseNS == requestNS) || (includeChildNamespaces && leaseNS.HasParent(requestNS)) | ||
| if !leaseMatches { | ||
| // the lease doesn't meet our criteria, so keep looking | ||
| return true | ||
| } | ||
|
|
||
| if !returnAll && (numMatchingLeases >= limit) { | ||
| m.logger.Warn("hit max irrevocable leases without force flag set") | ||
| warning = MaxIrrevocableLeasesWarning | ||
| return false | ||
| } | ||
|
|
||
| mountAccessor := m.getLeaseMountAccessor(ctx, leaseID) | ||
|
|
||
| numMatchingLeases++ | ||
| matchingLeases = append(matchingLeases, &leaseResponse{ | ||
| LeaseID: leaseID, | ||
| MountID: mountAccessor, | ||
| ErrMsg: leaseInfo.RevokeErr, | ||
| expireTime: leaseInfo.ExpireTime, | ||
| }) | ||
|
|
||
| return true | ||
| }) | ||
|
|
||
| // sort the results for consistent API response. we primarily sort on | ||
| // increasing expire time, and break ties with increasing lease id | ||
| sort.Slice(matchingLeases, func(i, j int) bool { | ||
| if !matchingLeases[i].expireTime.Equal(matchingLeases[j].expireTime) { | ||
| return matchingLeases[i].expireTime.Before(matchingLeases[j].expireTime) | ||
| } | ||
|
|
||
| return matchingLeases[i].LeaseID < matchingLeases[j].LeaseID | ||
|
There was a problem hiding this comment. I think this is fine, but we could also sort by expiration time then lease id, so the operator can get a sense of how old the oldest irrevocable leases are. There was a problem hiding this comment. yeah that sounds like a good idea There was a problem hiding this comment. Other way around on that sort? I think you want to do it in just one pass with the sort predicate testing expiration time and returning if non-equal, then testing leaseid if the expiration times are equal. There was a problem hiding this comment. can you clarify how you'd like this sorted? the current code will display the oldest-expiring leases at the top of the list, and if multiple leases have the same expiration time it will then display them in increasing order by the lease id (a comes before b) i can certainly do it in one slice sort path, but let's verify how we want the results displayed first There was a problem hiding this comment. we chatted in slack. sorting is correct, but made more efficient here: 585caea |
||
| }) | ||
|
|
||
| resp := make(map[string]interface{}) | ||
| resp["lease_count"] = numMatchingLeases | ||
| resp["leases"] = matchingLeases | ||
|
|
||
| return resp, warning, nil | ||
| } | ||
|
|
||
| // leaseEntry is used to structure the values the expiration | ||
| // manager stores. This is used to handle renew and revocation. | ||
| type leaseEntry struct { | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One downside to using a sync.Map here is that the range scans will be unordered. We could sort the leases before returning them, but in the case where there are
> MaxIrrevocableLeasesToReturnleases we may return a different set of leases each call. For now should we sort the values before returning them?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, i think there's benefit to that consistency
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i've also thought that getting away from
sync.Mapcould be nice so that when there are >10,000 results we can tell the client how many to expect (without doing the work of going through all of them)... a story for another day perhapsThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
d06e923